CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3537 matches found

Wordfence Blog•added 2026/04/09 6:12 p.m.•9 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)

Last week, there were 56 vulnerabilities disclosed in 50 WordPress Plugins that have been added to the Wordfence Intelligence Vulnerability Database, and there were 38 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to...

6AI score

Exploits0

Vulnrichment•added 2026/04/09 5:14 p.m.•1 views

CVE-2026-39961 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...

6.8CVSS5.8AI score0.00394EPSS

Exploits0References3

CVE•added 2026/04/09 5:14 p.m.•15 views

CVE-2026-39961

CVE-2026-39961 (Aiven Operator) affects Aiven Operator versions 0.31.0–0.36.x. A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any namespace. The operator reads the victim’s secret using its ClusterRole (aiven-operator-role) and writes ...

6.8CVSS5.9AI score0.00394EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/09 12:31 p.m.•11 views

EUVD-2026-20880

Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...

3.7CVSS5.9AI score0.00311EPSS

Exploits0References2

EUVD•added 2026/04/09 12:31 p.m.•7 views

EUVD-2026-20882

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

3.7CVSS5.9AI score0.00311EPSS

Exploits0References2

Snyk•added 2026/04/09 12:31 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /changes webhook endpoint. An attacker can exhaust system memory by sending an oversized JSON payload. Remediation Upgrade github.com/mattermost/mattermost-plugin-msteams/serv...

7.1CVSS5.8AI score0.00311EPSS

Exploits0References2

Snyk•added 2026/04/09 12:31 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /lifecycle webhook endpoint. An attacker can exhaust system memory and disrupt service availability by sending an oversized JSON payload. Remediation Upgrade...

6.5CVSS5.8AI score0.00311EPSS

Exploits0References2

Github Security Blog•added 2026/04/09 12:31 p.m.•7 views

Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint

6.5CVSS5.2AI score0.00311EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2026/04/09 12:31 p.m.•10 views

Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint

6.5CVSS5.2AI score0.00311EPSS

Exploits0References5Affected Software1

NVD•added 2026/04/09 11:16 a.m.•5 views

CVE-2026-24661

6.5CVSS0.00311EPSS

Exploits0References1

NVD•added 2026/04/09 11:16 a.m.•6 views

CVE-2026-21388

6.5CVSS0.00311EPSS

Exploits0References1

Cvelist•added 2026/04/09 10:12 a.m.•17 views

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

3.7CVSS0.00311EPSS

Exploits0References1

Vulnrichment•added 2026/04/09 10:12 a.m.•3 views

CVE-2026-24661 Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

3.7CVSS5.9AI score0.00311EPSS

Exploits0References1

CVE•added 2026/04/09 10:12 a.m.•14 views

CVE-2026-24661

Mattermost Plugins

6.5CVSS5.9AI score0.00311EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/09 10:9 a.m.•21 views

CVE-2026-21388 Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

3.7CVSS0.00311EPSS

Exploits0References1

Vulnrichment•added 2026/04/09 10:9 a.m.•3 views

CVE-2026-21388 Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

3.7CVSS5.9AI score0.00311EPSS

Exploits0References1

ATTACKERKB•added 2026/04/09 10:9 a.m.•2 views

CVE-2026-21388

3.7CVSS5.9AI score0.00311EPSS

Exploits0References2

OSV•added 2026/04/09 12:47 a.m.•5 views

CLEANSTART-2026-BY59711 gRPC-Go is the Go language implementation of gRPC

Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. gRPC-Go is the Go language implementation of gRPC. See references for individual vulnerability details...

9.8CVSS6.8AI score0.0056EPSS

Exploits1References13

Positive Technologies•added 2026/04/09 12:0 a.m.•2 views

PT-2026-31604

Name of the Vulnerable Software and Affected Versions Mattermost Plugins versions less than or equal to 2.1.3.0 Description Mattermost Plugins versions less than or equal to 2.1.3.0 do not limit the request body size on the /changes webhook endpoint. This allows an authenticated attacker to cause...

3.7CVSS5.8AI score0.00311EPSS

Exploits0References4

Positive Technologies•added 2026/04/09 12:0 a.m.•3 views

PT-2026-31603

3.7CVSS5.9AI score0.00311EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by